Identity and access management is more complicated when organizations rely on a cloud infrastructure, says Brandon Swafford, CISO at Waterbury, Connecticut-based Webster Bank, which is implementing a new IAM system.

"As you build out new capabilities, both on premises and in the cloud, you have start to focus on how do I continuously monitor who has access to the new technologies, new applications and new services and am I enforcing ... access correctly," he says in an interview with Information Security Media Group.

The biggest challenge in deploying the next generation of identity and access management technology at a bank is ensuring business process optimization, Swafford says. That's complicated, he says, because banks have business units that operate somewhat independently as well as services that are centralized.

"The biggest change from an older IAM to a new IAM has to do with managing cloud accounts and cloud infrastructure, because, frankly, it comes and it goes so quickly," Swafford says. "The amount of control that you have is incredibly high compared to before, and you have to link that in with your orchestration systems."

To make security frictionless and provide ease of access, Swafford suggests providing access to users through single sign-on for multiple systems combined with strong authentication, he says.

In this interview he offers insights on:

The impact on business and security from deploying next-generation IAM;

Integrating new technology with legacy apps and platforms;

The potential benefits of using blockchain technology for IAM.

Swafford has more than 12 years of experience in legal investigations and security, including at hedge funds, the U.S. intelligence community and as a cyber-counterintelligence consultant and analyst. He has worked with the National Insider Threat Task Force and the Office of the National Counterintelligence Executive. Swafford provided insider threat analysis and investigation consulting to the International Monetary Fund in Washington. Prior to joining Webster, he served as the chief technology officer for insider threat at Forcepoint.